Privacy Req 6
PRIVACY-6. USAGE NOTICE
The goal of notice is to work toward informed consent from USERS: functional requirements should work toward strategies for improving USERS' understanding of their choices when engaging with services. Strategies include layered approaches, just-in-time notice, and other examples that can illustrate effective types of notice mechanism alternatives to privacy policies. In the case of material changes to the service, entities shall provide clear and conspicuous descriptions of the changes and their impacts on USERS in advance of the change.
“Consent” alone should not be used to mitigate privacy risks created by technical architecture or design, such as to mitigate risks that individuals could not be reasonably expected to be able to assess; see PRIVACY-5 (DATA AGGREGATION RISK).
See also the IDESG Usability Requirements (USABLE-1 through USABLE-7) regarding the clarity of notices given to USERS and others.
Further reference materials to aid organizations interested in conforming to these Requirements can be found at the wiki page Supplemental Privacy Guidance; this has been archived at https://workspace.idesg.org/kws/public/download.php/56/Supplemental-Privacy-Guidance.docx
The Kantara Consent Receipt is now available (January 2018) in draft form at https://groups.google.com/forum/#!topic/wg-infosharing/553qIdgaq0o